
Commit a2b953b

author
Dima Birenbaum
committed
feat(ci): add nightly MSDO toolchain breach monitor
1 parent 8b42d80 commit a2b953b

4 files changed

Lines changed: 1178 additions & 0 deletions


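--- a/.github/aw/actions-lock.json
+++ b/.github/aw/actions-lock.json
@@ -5,6 +5,11 @@
 "version": "v8",
 "sha": "ed597411d8f924073f98dfc5c65a23a2325f34cd"
 },
+"github/gh-aw-actions/setup@v0.61.0": {
+"repo": "github/gh-aw-actions/setup",
+"version": "v0.61.0",
+"sha": "df014dd7d03b638e860b2aeca95c833fd97c8cf1"
+},
 "github/gh-aw/actions/setup@v0.43.23": {
 "repo": "github/gh-aw/actions/setup",
 "version": "v0.43.23",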

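--- a/.github/toolchain-inventory.yml
+++ b/.github/toolchain-inventory.yml
@@ -0,0 +1,52 @@
+# MSDO Toolchain Inventory
+# Source of truth for tools monitored by the breach monitor workflow
+# Derived from src/msdo-helpers.ts Tools enum
+#
+# All versions are noted as "latest (runtime-resolved)" because the MSDO CLI
+# resolves tool versions dynamically via NuGet at runtime.
+
+tools:
+- name: bandit
+description: Python security linter (finds common security issues in Python code)
+ecosystem: pypi
+version: latest (runtime-resolved)
+
+- name: binskim
+description: Binary static analysis tool for Windows/Linux binaries
+ecosystem: nuget
+version: latest (runtime-resolved)
+
+- name: checkov
+description: Infrastructure-as-code security scanner
+ecosystem: pypi
+version: latest (runtime-resolved)
+
+- name: container-mapping
+description: Container image mapping and inventory
+ecosystem: nuget
+version: latest (runtime-resolved)
+
+- name: eslint
+description: JavaScript/TypeScript linter with security rules
+ecosystem: npm
+version: latest (runtime-resolved)
+
+- name: templateanalyzer
+description: ARM/Bicep template security analyzer
+ecosystem: nuget
+version: latest (runtime-resolved)
+
+- name: terrascan
+description: Terraform/IaC security scanner
+ecosystem: github
+version: latest (runtime-resolved)
+
+- name: trivy
+description: Comprehensive vulnerability scanner (containers, filesystems, repos)
+ecosystem: github
+version: latest (runtime-resolved)
+
+- name: antimalware
+description: Windows antimalware scanner (Windows runners only)
+platform: windows-only
+version: latest (runtime-resolved)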
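Review bot: The `antimalware` entry, the last item under `tools:`, has no `ecosystem` key, while the other eight entries all carry one. The monitor workflow is not visible on this page, so this is inferred: if it groups or queries advisories by ecosystem, that tool would be skipped silently or fail the lookup. Either give it an explicit value or state the exemption in the header comment. Separately, every `version:` is `latest (runtime-resolved)`, so the inventory cannot show which release actually ran on a given night, and a compromised release can be matched by package name only. I would say so in the header, e.g. `# Versions are not pinned here: advisories can be matched by package name only, not by affected version range.`, and have the workflow log the versions the MSDO CLI resolved.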
